Telemetry protocol is vulnerable to a MitM attack

Summary

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
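To make the CWE-297 half of this concrete, here is an added illustration (not Fortinet code; the advisory does not describe how the telemetry channel actually checks certificates) of what improper certificate validation looks like at the hostname-matching step. It assumes a client that expects to reach `ems.example.com` (a constructed name) and places a loose substring check beside an RFC 6125-style label check.

```python
"""CWE-297 illustration: a loose hostname check versus a strict one.

Added example, not FortiClient or EMS code. All server names below are
constructed for the demonstration.
"""

def naive_hostname_match(san_dns_name: str, hostname: str) -> bool:
    """Weak check: 'does the expected name appear somewhere in the SAN?'
    Accepts names such as 'ems.example.com.attacker.test', which belong to
    a domain the other party controls, so a MitM certificate passes."""
    return hostname.lower() in san_dns_name.lower()


def strict_hostname_match(san_dns_name: str, hostname: str) -> bool:
    """RFC 6125-style check: labels compared exactly (case-insensitive);
    a wildcard is allowed only as the entire left-most label, covers one
    label, and must leave at least two fixed labels ('*.com' is refused)."""
    cert = san_dns_name.rstrip(".").lower().split(".")
    host = hostname.rstrip(".").lower().split(".")
    if len(cert) != len(host) or "" in cert or "" in host:
        return False
    if cert[0] == "*":
        if len(cert) < 3:
            return False
        return cert[1:] == host[1:]
    if "*" in san_dns_name:
        # Partial-label wildcards such as 'e*.example.com' are rejected.
        return False
    return cert == host


def validate_presented_names(san_names, expected_host, matcher) -> bool:
    """A certificate is accepted if any of its DNS SANs satisfies matcher."""
    return any(matcher(name, expected_host) for name in san_names)


# Constructed data: the name the client dials, SANs a legitimate EMS
# certificate might carry, and SANs a third party could obtain for a
# domain it owns or mint under its own CA.
EXPECTED = "ems.example.com"
LEGIT_SANS = ["ems.example.com", "*.example.com"]
LOOKALIKE_SANS = ["ems.example.com.attacker.test", "notems.example.com", "*.com"]


def compare_checks() -> dict:
    """Returns accept/reject outcomes for both checkers on both SAN sets."""
    return {
        "naive_accepts_legit": validate_presented_names(LEGIT_SANS, EXPECTED, naive_hostname_match),
        "naive_accepts_lookalike": validate_presented_names(LOOKALIKE_SANS, EXPECTED, naive_hostname_match),
        "strict_accepts_legit": validate_presented_names(LEGIT_SANS, EXPECTED, strict_hostname_match),
        "strict_accepts_lookalike": validate_presented_names(LOOKALIKE_SANS, EXPECTED, strict_hostname_match),
    }
```

Hostname matching is only one part of validation; the chain must also terminate in a CA the client is meant to trust, which is where a hard-coded or shared key (the CWE-321 half above) undermines the check again.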

Affected Products

FortiClientEMS version 7.0.1 and below.
FortiClientEMS version 6.4.6 and below.
FortiClientWindows version 7.0.1 and below.
FortiClientWindows version 6.4.6 and below.
FortiClientLinux version 7.0.1 and below.
FortiClientLinux version 6.4.6 and below.
FortiClientMac version 7.0.1 and below.
FortiClientMac version 6.4.6 and below.

Solutions

Please upgrade to FortiClientEMS version 7.0.2 or above.
Please upgrade to FortiClientEMS version 6.4.7 or above.
Please upgrade to FortiClientWindows 7.0.2 or above.
Please upgrade to FortiClientWindows 6.4.7 or above.
Please upgrade to FortiClientLinux 7.0.2 or above.
Please upgrade to FortiClientLinux 6.4.7 or above.
Please upgrade to FortiClientMac 7.0.2 or above.
Please upgrade to FortiClientMac 6.4.7 or above.

Acknowledgement

Fortinet is pleased to thank Steven Shockley for reporting this vulnerability under responsible disclosure.

Timeline

2021-12-07: Initial publication